spotbugs/
SpotBugs plugin for SonarQube
USD raised
Recent activities
sonarqube displays errors from a profile that is not assigned to the project
Maven Project Issue - Can not execute Findbugs: One (sub)project contains Java source files that are not compiled
Cannot find pre compiled JSP with Branch Community Plugin
regarding usage of Apache commons-text library
Sonar scanning getting failed to scan the multiple languages due to Findbugs plugin
Apache Common Text library - vulnerability
File handle to findsecbugs-plugin.jar is leaking
Findbugs fails when JavaSensor uses cached data
Apply fb-contrib rules to Unit Tests
Findbugs is reporting false positive bugs in test code
Is sonar-findbugs compatible with Sonarqube 10.x
Update requirements for new versions in the sonar marketplace
Crowd username changes - impact on sonar-findbbugs plugin
FindBug Rules are triggered for Quality PRofile Kotlin and XML
SonarQube Project showing an issue from a Java findbugs rule which is not there in the selected Quality Profile
SonarQube fails with Java 17
Spike in SonarQube Findings
Support Java 21 (Unsupported class file major version 65)
Findbugs timeout issue
new option to analyze tests
Update PAT_TO_FORK
warning about not found original source file for files ignored by SQ configuration
BadRequestException: scala rule findsecbugs-scala:SCALA_XSS_MVC_API cannot be activated on java profile FindBugs Security Audit
Findbugs Analysis should be skipped when there are no Findbugs Rules activated in QualityProfile
Errors occurred during analysis using v3.5
A couple of questions about sonar-update-center-action
Findbugs plugin fails to analyse java project
Configure for Azure DevOps Server SonarQube
Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your (sub)project .
Option to skip sensor completely
Error: java.lang.IllegalStateException: One (sub)project contains Java source files that are not compiled (/home/jenkins/agent/workspace/cationgateway_multibranch_master).
Is sonar-findbugs plugin compatible with Sonarqube EE 9.4?
Findbugs is reporting false positive bugs SA_LOCAL_SELF_COMPARISON when using instanceof pattern matching
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.3.0.603:sonar
java.lang.IllegalStateException: Can not execute Findbugs
Findbugs Security JSP - failing execution
fb-contrib:USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES java rule caught issue in Kotlin Code
Exclude folder for findbugs through Sonarqube scan
Gradle project scan failed with 'One (sub)project contains Java source files that are not compiled'
"Can't find ClassInfo" when looking at dependency
Unsupported class file major version 25888
Can not execute Findbugs: One (sub)project contains Java source files that are not compiled
False positive on lombok @EqualsAndHashCode and generated methods
Availability from maven central and Sonar marketplace
Handling Deprecated Rules in Sonarqube
Support for SonarQube 2025.1?
spotbugs-findsecbugs-plugin: Version 1.13.0 contains a bug and should be downgraded
False positive on lombok @With and generated methods
sonar-findbugs v4.4.0 does not work with SonarQube Community Edition v9.9.8
Scanning Maven projects using Java 11 fails, requires Java 21.
Fix the sonar update center logic
When I install Findbugs pluginγ Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1dbd16a6-org.sonar.server.plugins.ServerPluginManager'
Problem findsecbugs:POTENTIAL_XML_INJECTION SonarQube
Need access to support organization for spotbugs on sonarqube
Caused by: java.lang.IllegalStateException: One (sub)project contains Java source files that are not compiled
The findbugs plugin fails to load on SQ Developer Edition v2025.3 (108892)
FindBugs incompatibility with SonarQube LTA 2025.3 ?
Missing version in release artifact filename
*.kts files not properly excluded?
sonar-findbugs 4.5.2 fails with Java 25
replace the dependent sslr-squid-bridge component
Announce Release 4.6.0 to Sonar Updatecenter
Java 25 Support
[Kotlin] Bogus errors NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
Integration tests occassionally fail due to errors accessing the jfrog repo
Make "sonar-findbugs" compatible with SonarQube 10.4 "DownloadOnlyWhenRequired" feature
v4.2.8 is missing a release artifact
java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL
Getting "Hard coded password found here" exception where (IMHO) it shouldn't
NoClassDefFoundError after Sonar update from 10.4 to 10.5
ERROR: isAlive was interrupted when applying all findbugs rules into my existing sonarway copy profile to scan a monolithic project
Support Java SDK 8 and 21 simultaneously
Sonatype deploy now requires token authentication
SCALA_PATH_TRAVERSAL_IN Associated rule not present in SonarQube rules
Got a ClassNotFoundException when running scanner with the latest version of sonar-findbugs
There was an interesting error with the findbugs plugin
Can not execute Findbugs
FindBugs scanner complains with only a Kotlin DSL Gradle build script in the sources
NOSONAR not ignored
Drop sonar 8 from any support here, its end of life for even paid for more than a year at time of writing
Missing Java 8 functional interfaces
Can not execute Findbugs with a timeout threshold value of 600000 milliseconds
Attempts to update project failing
No jar for 4.0.1
Dereferencing
Where can I get the matchup version between findbugs-plugin and SonarQube ?
Can findbugs scan the *.java source code directly?
Invalid Class file format for queueAlerts.class
Code smell appears despite existing spotbugs exclude filter
Can not execute Findbugs with a timeout threshold value of 1200000 milliseconds
SonarQube (6.7) analysis gets hung (stuck) in FindBugs sensor step
new bug in old code
Any release planned supporting sonarqube 8.4 ?
performance issue with the Find -bugs plugin
Integrated sonarlint eclipse plugin with sonarqube(findbugs configured). can sonarlint show findbug suggestions in eclipse in eclipse
Upgrade to 4.0.1 also upgrades Sonar-Java
Rule findsecbugs:FILE_UPLOAD_FILENAME breaks JSON export (via API)
Download 4.0.1 jar
Providing a Spotbugs Report to Sonar Project
Suppression with new SQ API
Sonarqube is reporting false findbugs issues on kotlin
Does sonarqube 8.0 supported by this plugin?
XStream < 1.4.14 High-risk vulnerability of remote code execution (CVE-2020-26217)
NPE in SpringEntityLeakDetector if class is abstract
Please update to fb-contrib 7.4.6 - fixes false positives in Java 11
Fails to detect bugs
When will be the next release/hotfix available containing the latest changes on master?
ASM failed to load classfile metadata
Sonar-findbugs artifacts part of target folder
sonar findbugs plugin can not find some code issues while maven spotbugs can
Java project Findbugs execute timeout
Does findbugs support Scala code?
not compatible with java 13
Missing jar file for 4.0.1 release
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin
Excessive build output for TaintAnalysis and DataflowAnalysisException
Warnings seen during sonar analysis
No jar for 4.0.0
searching FindSecBugs findings in SonarQube API with cwe URL parameter
Remove duplicates with SonarJava?
NullpointerException when executing analysis
Failure while scanning Lombok-enhanced class file
Can sonar findbugs plugin support the option `-onlyAnalyze`?
Log4j remote code execution vulnerability (CVE-2021-44228)
SonarQube 8.9.0: Cannot be activated on jsp profile FindBugs Security JSP
Is there a way to ignore Spotbugs' annotation in SonarQube?
Exception with findbugs 4.0.4plugin after 9.1 ugrade
Findbugs plugin does not support JDK 17
Move github action for release automation into this repo
Unable start sonar after update sonar from 8.9.2 to 9.2.0 version sonar-findbugs
Generating too much logs for findsec bug rules
Autowired spring beans are recognized as variables that could be local
false positive "Possible null pointer dereference due to return value of called method"
Exception with SonarQube 8.9.2
We have an issue that the execution of Sonarqube Scan which fails during the package-branch job with error on Concourse
Scala/FindSecBugs Rules not being imported
FindBug-SonarQube: Not a valid line for pointer in JSP file compiled with Jetty
SonarQube βΊ java.lang.IllegalArgumentException: Unable to register token in file
KengoTODA/sonar-update-center-properties has been archived,
Findbugs rule 'EI_EXPOSE_REP' is not active in Sonar.
Can not execute Findbugs: One (sub)project contains Java source files that are not compiled in Scala folder
Is Findbugs plugin for Sonarqube affected by Spring4Shell vulnerability (CVE-2022-22965)
scanForAdditionalClasses misbehaving
Overlap between SpotBugs and SonarQube
The discovery JSP contains js ,XSS vulnerabilities cannot be swept
Jar no longer being published with Github releases
XStream < 1.4.15 Deserialization vulnerability (CVE-2020-26258, CVE-2020-26259) [Version Detection]
Sonarqube 7.9.4 analysis error on GCP cluster
Findbugs profiles not updated after Sonarqube plugin update
Warning messages of unknown rules at the start of SonarQube
SNAPSHOT deployment is failing
False positive resolved marked issues are getting opened as new issues
Getting error while running sonar scanner with Spotbugs rules for monolithic project ?
Sonar 7.9 LTS warnings
Missing Classes for findbugs analysis: makeConcatWithConstants, toPredicate and get
Duplicate rule names
ClassNotFoundException with sonarqube 9
Support for new SonarQube LTS version 8.9?
Could not be matched to its original source file. It might be a dynamically generated class.
Kotlin support missing
kotlin support in sonar
When will sporbugs version 4.4.0 be supported?
π new maintainer wanted
Β© 2019 BoostIO, Inc.
IssueHunt
